0f594e47ac217a8c872ea1be329ba9cdf41cd79eccbbde59bbab15eb50ebfc77

Analysis

max time kernel
150s
max time network
123s
platform
windows7_x64
resource
win7-20240221-en
resource tags

arch:x64arch:x86image:win7-20240221-enlocale:en-usos:windows7-x64system
submitted
30/05/2024, 13:51

Sharing

Copy URL

Twitter E-mail

Report Analysis Logs

General

Target

6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
Size

88KB
MD5

6b4d49dbb7d8e33f926b8469fc1819f0
SHA1

1fa3c53dea032fa57ea929a79b94b9be0c854fcb
SHA256

0f594e47ac217a8c872ea1be329ba9cdf41cd79eccbbde59bbab15eb50ebfc77
SHA512

c4db7de4a89ec50c39b3027b4af596abd63f1b0c3ac5733da556e36381a2b913655661c51a532dff56b23342d815e2687580dd8bda27cde4bc5021bc7a8c2ca2
SSDEEP

1536:W7ZhA7pApMaxB4b0CYJ97lEVqNR7Yge+eJG/x/DM6:6e7WpMaxeb0CYJ97lEYNR73e+eKZf

Score

9^/10

ransomware

Malware Config

Signatures

Renames multiple (3451) files with added filename extension
This suggests ransomware activity of encrypting all the files on the system.
ransomware

Drops file in Program Files directory 64 IoCs

description	ioc	Process
File created	C:\Program Files\Common Files\SpeechEngines\Microsoft\TTS20\MSTTSEngine.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\SpecialOccasion\whitemask1047.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.director.app.nl_zh_4.4.0.v20140623020002.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Argentina\Mendoza.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Microsoft Office\Office14\ONBttnIE.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libvorbis_plugin.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Pets_btn-over-DOT.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\update_tracking\org-netbeans-modules-profiler-utilities.xml.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\bin\unpack200.exe.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Mozilla Firefox\api-ms-win-crt-utility-l1-1-0.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Reference Assemblies\Microsoft\Framework\v3.0\fr\WindowsBase.resources.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Media Player\Network Sharing\wmpnss_color48.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Shatter\NavigationRight_ButtonGraphic.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\default_apps\external_extensions.json.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\db\bin\stopNetworkServer.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\audio_filter\libsimple_channel_mixer_plugin.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\PicturePuzzle.Gadget\fr-FR\js\picturePuzzle.js.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Kentucky\Louisville.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\codec\libjpeg_plugin.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\es-ES\gadget.xml.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\Gadget_Main_Background_QuickLaunch.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-openide-loaders_zh_CN.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\org-netbeans-core-ui.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\management\jmxremote.password.template.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT-2.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\video_chroma\libi422_yuy2_plugin.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.help.base.nl_ja_4.4.0.v20140623020002.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\SlideShow.Gadget\images\next_down.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\America\Santo_Domingo.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\CPU.Gadget\it-IT\css\cpu.css.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\7-Zip\Lang\ca.txt.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\ipssrl.xml.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\Locales\ml.pak.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\zi\America\Argentina\Salta.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\modules\locale\org-netbeans-core-output2_ja.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\profiler\modules\locale\org-netbeans-modules-profiler-oql_zh_CN.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\dt_socket.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\calendars.properties.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.e4.core.commands_0.10.2.v20140424-2344.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Asia\Kamchatka.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\RSSFeeds.Gadget\images\buttonDown_On.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Sports\SceneButtonSubpicture.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\bin\jli.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\lib\security\local_policy.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\MediaCenter.Gadget\images\button_left_mousedown.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\ink\fsdefinitions\numbers\numbase.xml.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\com.jrockit.mc.console.ui.notification_contexts.xml.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\platform\config\ModuleAutoDeps\org-openide-loaders.xml.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\SystemV\AST4.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\images\settings_box_top.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\Stationery\HandPrints.jpg.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\Microsoft Shared\VSTO\vstoee90.tlb.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui.notification_5.5.0.165303\html\dcommon\gifs\doclib.gif.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\com.jrockit.mc.console.ui_5.5.0.165303.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\plugins\stream_out\libstream_out_setid_plugin.dll.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\VideoLAN\VLC\locale\nl\LC_MESSAGES\vlc.mo.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Windows Sidebar\Gadgets\Clock.Gadget\en-US\css\settings.css.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Common Files\System\msadc\es-ES\msdaprsr.dll.mui.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\DVD Maker\Shared\DvdStyles\Pets\Notes_INTRO_BG_PAL.wmv.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Google\Chrome\Application\106.0.5249.119\VisualElements\Logo.png.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\jre\bin\javacpl.cpl.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\missioncontrol\plugins\org.eclipse.equinox.p2.reconciler.dropins_1.1.200.v20131119-0908.jar.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jdk1.7.0_80\lib\visualvm\visualvm\.lastModified.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
File created	C:\Program Files\Java\jre7\lib\zi\Etc\GMT.tmp	6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe

C:\Users\Admin\AppData\Local\Temp\6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe
"C:\Users\Admin\AppData\Local\Temp\6b4d49dbb7d8e33f926b8469fc1819f0_NeikiAnalytics.exe"
1⤵
- Drops file in Program Files directory
PID:2872

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads

C:\$Recycle.Bin\S-1-5-21-1298544033-3225604241-2703760938-1000\desktop.ini.tmp

Filesize
88KB

MD5
7a73a946e11b9a71089ce7b7c41332bf

SHA1
12a5a9d2553d3a738814a8e18568239941e7aae9

SHA256
e418d19957dfe3f35dbfcd6ed014c228ba2327e30d9ce066449615729dbfd863

SHA512
3af1aebf88108e0fc029f18fa10771ca7cc9db4b0e52a63eee9f9ce616ea36775ea0336312e3d5aaafca710324d44fc58e3228aae10a5842495d891c317e9c1c

Download Submit
C:\MSOCache\All Users\{90140000-0011-0000-0000-0000000FF1CE}-C\Office64WW.xml.tmp

Filesize
97KB

MD5
630d9ee1a3f710eb41d941145926f9ed

SHA1
84f6228b8d40755d75159162c34b85b2e4e05e79

SHA256
8cae0c261fe5f26744eee9028a1a3cd663febe2938f17c653260b900113f00f0

SHA512
64d7de4d573862f2a4d884b5261db05e2f629192a5faaa1436122563ca3d0548c19544b1ea667a78338c771431ea290a19849cc75c7eb25ce74f632bd343267f

Download Submit

Analysis

Sharing

General

Malware Config

Signatures

Processes

Network

MITRE ATT&CK Matrix

Replay Monitor

Loading Replay Monitor...

Downloads